This week's book giveaway is in the OCAJP forum.
We're giving away four copies of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) and have Khalid A Mughal & Rolf W Rasmussen on-line!
See this thread for details.
Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

NT Authentication with Tomcat

 
Velmurugan Periasamy
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm running my Servlet/JSP application in Tomcat 3.2.3 on NT. (Thinking about moving to Tomcat 4.0)
I searched for information regarding setting up Tomcat with NT authentication and am really confused. There's no decent documentation.
Can somebody please provide clear information?
I want to know how Tomcat's authentication methods (the J2EE web application authentication methods - BASIC, Form based etc) can be mapped to NT authentication. Basically I want the users to login to the web application using their NT domain accounts and passwords.
Tomcat 4.0 talks about Realms, is it something to do with this?
Where does JAAS come into this picture? I read about JAAS but couldn't really find decent information on integrating it with Tomcat.
I'd appreciate your help.
Thank you very much.

------------------
Velmurugan Periasamy
Sun Certified Java Programmer
Sybase Certified EAServer Developer
----------------------
Study notes for Sun Java Certification
http://www.geocities.com/velmurugan_p/
 
mocca az
Ranch Hand
Posts: 93
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I know someone had similar issue just few weeks back. If you search the post I'm sure you'll find it here...
 
Mike Curwen
Ranch Hand
Posts: 3695
IntelliJ IDE Java Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've never used (or until now, heard of JAAS).

However, I've done a bit of noodling with J2EE, and this is a snip from their Devleoper's Guide for version 1.2.1
It goes on to describe the two (internal to J2EE service) realms.

So what you'd need to figure out is 'cross-realm' authentication, which seems like a buzzword I've heard before.
[This message has been edited by Mike Curwen (edited September 21, 2001).] IN a fruitless attempt to figure out how to make the text bigger.
[This message has been edited by Mike Curwen (edited September 21, 2001).]
 
Velmurugan Periasamy
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the responses.
Still struggling to get a clear picture and the relationship between these technlogies (JAAS, Web app security).
Interestingly, the J2EE specification says

All EJB containers and all web containers must support the use of the JAAS APIs..

But there is nothing mentioned about JAAS in the security chapter(chapter 3) of the specification. In the servlet 2.3 specifications JAAS is never mentioned.
The following links might be useful. I tried to get these things to work, yet no success.
http://sfg.sourceforge.net
http://free.tagish.net/jaas/index.jsp
In one of the Sun's forums I've read somebody has suggested to use LDAP/Kerberose/JNDI instead of messing with NT. I don't know exactly what he meant. Let me know if you find out anything.
Thanks.
------------------
Velmurugan Periasamy
Sun Certified Java Programmer
Sybase Certified EAServer Developer
----------------------
Study notes for Sun Java Certification
http://www.geocities.com/velmurugan_p/
[This message has been edited by Velmurugan Periasamy (edited September 25, 2001).]
[This message has been edited by Velmurugan Periasamy (edited September 25, 2001).]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic